IPv6 endpoint incorrectly identified when cloudflare-ddns runs on a host inside an IPv6 LAN

[southseaboy]

When running cloudflare-ddns on a host inside my LAN ( with "aaaa": false in config.json) the IPv6 address set in the Cloudflare AAAA record is the IPv6 address of the local cloudflare-ddns host (set by prefix delegation / SLAAC) rather than the external address of the WAN interface on the router.

The behaviour I need is that the IPv6 and IPv4 addresses set by cloudflare-ddns are those of the externally facing WAN interface of my router.

This appears to be caused by cloudflare cdn-cgi api, which is used by cloudflare-ddns to identify the IP addresses to use for setting the cloudflare DNS records.

The cloudflare cdn-cgi api identifies the IPv6 interface address of the host that is running the query rather than the external WAN address of the network. This is not the same as the behaviour for IPv4.

To test this I ran:

curl https://www.cloudflare.com/cdn-cgi/trace --ipv6

and

curl https://www.cloudflare.com/cdn-cgi/trace --ipv4

from a terminal on a host inside my LAN. The IPv4 address was correctly identified as the ISP provided external address of my router, but the IPv6 address identified is the delegated address of the host interface.

My network router is a Ubiquiti USG, and IPv6 is configured to use the automatic prefix delegation from my ISP, and the host sets its IPv6 address using SLAAC and the /64 subnet from the router advertisement set by the USG.

I'm not sure if there is any way to adjust the cdn-cgi/trace call to find the ISP allocated WAN interface address, so this may be a limiting behaviour for certain use cases.

[timothymiller]

I need more information on this. Running that curl command on a client machine should return the same value as the docker container.

FWIW When I curl https://www.cloudflare.com/cdn-cgi/trace --ipv6 on my machine, it returns an error: